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DETAILED ACTION 

Priority 

1. Applicant's claim for benefit of foreign priority under 35 U.S.C. 119 (a) - (d) is . 
acknowledged. 

The application is filed on 10/31/2003 but has a foreign priority application filed 
on 3/27/2003. 

Claim Objections 

2. Claim 10 is objected to because of the following informalities: "is storage 
management software" should be "is a storage management software". Appropriate 
correction is required. 

Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 



3. Claims 1 and 8 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention 
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Claim 1 recites the limitations (a) "the electronic information appliance (Page 11 
Line 5)" should be "an electronic information appliance" because there is insufficient 
antecedent basis for this limitation in the claim; and (b) claim 1 also recites "handing 
over the authorization to the embedded software" (Page 1 1 Line 13)". There is 
insufficient antecedent basis for this limitation in the claim because it is not clear 
whether the authorization is referred to the parameter access authorization or not. 

Claim 8 recites the limitations " the sequence of the parameters (Page 12 Line 
7)" should be "a sequence of the parameters" because there is insufficient antecedent 
basis for this limitation in the claim. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1 - 3, 5, 6 and 8 - 10 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Falkenberg (U.S. Patent 2003/0056115), in view of Torrubia-Saez 
(U.S. Patent 6,683,546). 
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As per claim 1 , Falkenberg teaches a method for protecting an embedded 
software (Falkenberg: Para [0001], Para [0015] Line 1 -8: CPU executable instructions 
stored in ROM is qualified as an embedded software), whereby a verification 
mechanism of the embedded software is modified as to require the embedded software 
to be operated in coordination with hardware characteristics of an authorized electronic 
information appliance (Falkenberg: Para [0004]: permitting external access only through 
a dedication function controlled by the module itself), the electronic information 
appliance having a storage device and firmware to enable execution of the embedded 
software only in the authorized electronic information appliance (Falkenberg: Para 
[0018]: only through a dedicated functions and dedicated data section), the method 
comprising steps of: 

(1) having a first program of the embedded software store parameters to be 
transmitted in a first address of the storage device (Falkenberg: Figure 1 / Element 130 
& 120 and Para [0018]: the data parameter access (e.g., store / write) of (X, Y, Z) of the 
external function (Fig. 1 / Element 130) is stored / written onto the (X, Y, Z) of firmware 
private data section (Fig. 1 / Element 120) - where (X, Y, Z) of the external function is 
considered as a first address), and having the embedded software pass a parameter 
access authorization through a function of the firmware to the firmware of the electronic 
information appliance (Falkenberg: Para [0018] and Figure 1 / Element 110: a 
parameter access (RD/WR) from an external function can be authorized only through a 
dedication function in code section and a private data section); 
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(2) having the firmware rearrange and store the parameters in a second address 
of the storage device, and handing over the authorization to the embedded software 
(Falkenberg: Figure 1 / Element 130 & 120 and Para [0018]: the data parameter access 
(e.g., store / write) of (X, Y, Z) of the external function (Fig. 1 / Element 130) is stored / 
written onto the (X, Y, Z) of firmware private data section (Fig. 1 / Element 120) - where 
(X, Y, Z) of the firmware private data section is considered as a second address and a 
parameter access (RD/WR) from an external function (embedded software) can be 
authorized only through a dedication function in code section and a private data 
section). 

However, Falkenberg does not disclose expressly (3) having the embedded 
software call and pass the authorization to a second program of the embedded 
software, and having the second program extract the parameters from a default 
parameter address, and determining whether the parameters are correct, wherein, if the 
parameters are correct, the embedded software is properly executed, otherwise the 
embedded software is disabled. 

Torrubia-Saez teaches (3) having the embedded software call and pass the 
authorization to a second program of the embedded software (Torrubia-Saez : Column 
20 Line 51 - 60 and Figure 18: the "hooking" routine (i.e. the execution notifier) of 
access control routine is considered as a second program of the embedded software), 
and having the second program extract the parameters from a default parameter 

address (Torrubia-Saez : Column 20 Line 25 - 29: a made-up data section is used by 

« 

the "hooking" routine), and determining whether the parameters are correct (Torrubia- 
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Saez : Column 16 Line 24 - 27 and Column 21 Line 23 - 25: signature can be 
considered as a part of the parameters used for authorization if necessary), wherein, if 
the parameters are correct, the embedded software is properly executed, otherwise the 
embedded software is disabled (Torrubia-Saez : Column 21 Line 5 - 7: if authorized, 
the hooking routine (i.e. the execution notifier) calls the appropriate routine in the 
operation system). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Torrubia-Saez within the system of 
Falkenberg because (a) Falkenberg teaches providing a mechanism for protecting data 
in firmware modules of embedded system (Falkenberg: Para [0001]) and (b) Torrubia- 
Saez teaches providing a "hooking" routine (i.e. the execution notifier) associated with a 
program object (i.e. external function) for access control purpose prior to interfacing with 
operation system in order to avoid directly accessing the private data section in a 
computer system (Torrubia-Saez : Column 20 Line 53 - 60, Column 2 Line 22 - 24 and 
Column 21 Line 5-7). 

As per claim 2, Falkenberg as modified teaches the electronic information 
appliance is a storage server (Torrubia-Saez : Column 17 Line 56 - 62 and Column 19 
Line 29 - 30). 

As per claim 3, Falkenberg as modified teaches the storage device is a memory 
(Torrubia-Saez : Column 19 Line 29 - 30 and Column 4 Line 7). 
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As per claim 5, Falkenberg as modified teaches the first program is a main 
program of the embedded software (Falkenberg : Para [0016] Line 8-9 and Figure 1 / 
Element 130). 

As per claim 6, Falkenberg as modified teaches the address of the storage 
device in step (1) is a buffer in the memory (Torrubia-Saezg: Column 17 Line 35 - 36: 
data loaded into a memory is considered as a memory buffer). 

As per claim 8, Falkenberg as modified teaches encoding and rearranging the 
sequence of the parameters before having the firmware rearrange and store the 
parameters according to a different sequence in a second address of the storage device 
in step (2) (Torrubia-Saezg: Column 20 Line 45 - 50 & Figure 18: rearranging the 
sequence of the parameters by the execution notifier to prevent the data intrusion 
attacks). 

As per claim 9, Falkenberg as modified teaches the second program is an 
auxiliary program of the embedded software (Torrubia-Saezg: Column 20 Line 53 - 60: 
the execution notifier (i.e. hooking routine) associated with the embedded software is 
considered as an auxiliary program). 
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As per claim 10, Falkenberg as modified teaches the embedded software is a 
storage management software (Torrubia-Saezg: Torrubia-Saez : Column 17 Line 56 - 
62 and Column 19 Line 29 - 30). 

5. Claims 4 and 7 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Falkenberg (U.S. Patent 2003/0056115), in view of Torrubia-Saez (U.S. Patent 
6,683,546), and in view of Alexander et al. (U.S. Patent 6,188,602). 

i • 

As per claim 4, Falkenberg as modified does not disclose expressly the firmware 
is a basic input/output system (BIOS). 

Alexander teaches the firmware is a basic input/output system (BIOS) (Alexander 
; Column 3 Line 37 - 45: the firmware BIOS provides security features for register- 
based read and write protection for code / data storage blocks). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Alexander within the system of 
Falkenberg as modified because (a) Falkenberg teaches providing a mechanism for 
protecting data in firmware modules of embedded system (Falkenberg: Para [0001]) 
and (b) Alexander teaches providing the firmware BIOS with security features for 
register-based read and write protection for code / data storage blocks that lock / unlock 
memory access only after successful data validations (Alexander : Column 3 Line 37 - 
45 and Column 5 Line 58 - 61). 



Application/Control Number: 10/697,304 Page 9 

Art Unit: 2131 

As per claim 7, Falkenberg as modified does not disclose expressly the function 
provided by the firmware is an appliance management interrupt (SMI) function. 

Alexander teaches the function provided by the firmware is an appliance 
management interrupt (SMI) function (Alexander ; Column 3 Line 37 - 45: the firmware 
BIOS provides security features for register-based read and write protection for code / 
data storage blocks and the SMI locks / unlocks memory access only after successful 
data validations ). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Alexander within the system of 
Falkenberg as modified because (a) Falkenberg teaches providing a mechanism for 
protecting data in firmware modules of embedded system (Falkenberg: Para [0001]) 
and (b) Alexander teaches providing the firmware BIOS with security features for 
register-based read and write protection for code / data storage blocks that lock / unlock 
memory access only after successful data validations (Alexander : Column 3 Line 37 - 
45 and Column 5 Line 58 - 61). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Longbit Chai whose telephone number is 571-272-3788. 
The examiner can normally be reached on Monday-Friday 8:00am-4:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




LongbitChai, Ph.D. 
Patent Examiner 
Art Unit 2131 
2/8/2007 
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